Develop Bugs

Security

Please can anyone expand on some of the security issues that are worrying me. I have been a pocket PC user up till now (HTC HD).
Every time I download an application I am informed that the application will may access one of the following:
1. SD card
2. The internet
3. The local network
As I keep many private things on my Desire I am worried that I am unknowingly "opening doors" for people to steal information.
What should I turn off or on to secure my Desire?
Are items downloaded from the Market secure?
Are items downloaded from other places secure?
Thanks
Sams

Don't worry about those security warnings, I just ignore them

samcory said:
As I keep many private things on my Desire I am worried that I am unknowingly "opening doors" for people to steal information.
Click to expand...
Click to collapse
Essentially, yes you are!
When you install an app, it requests certain permissions so it is in your interest to review that list and make sure that the permissions that the application is asking for reconcile with what the application is supposed to do.
For example, if I'm installing a video player, I don't expect that it should need access to my contacts, emails, or SMS messages, so if I installed one that asked for those permissions I would refuse it.
Are items downloaded from the Market secure?
Are items downloaded from other places secure?
Click to expand...
Click to collapse
Unlike the Apple AppStore, applications on the Market are not vetted so there is always the potential that someone could post up some malware - it is one of the few downsides of being an open platform.
Regards,
Dave

security
Virtually every other app seems to want acces to the internet, that does seem a bit dangerous!!
What we need is a nice site setup that vets the apps and makes a small charge for the service. I certainly would be happy to pay for such a service toavoid having my Exchange contacts and notes being used by some nasty stranger.
Sam

^ but then every other app needs internet access. Even if it was just to post a high score. More worrying is when an app wants access to contacts/SMS/ or wants read AND Write access to something.
I was unaware the apps were not vetted.

First SMS-sending Android Trojan reported

hey folks, thought this is useful for everybody
Source: cissp dot com website (cannot post the url)
"Security experts warned on Tuesday about what is believed to be the first Trojan targeting Android-based mobile devices that racks up charges by sending text messages to premium-rate numbers.
The Trojan-SMS malware, dubbed "Trojan-SMS.AndroidOS.FakePlayer.a," is being distributed via an unknown malicious Web site, said Denis Maslennikov, senior malware researcher at Kaspersky Lab.
Users are prompted to install a "media player application" that is a little bigger than 13 kilobytes, but which is hiding the Trojan inside, according to Kaspersky and mobile-phone security company Lookout, which analyzed the threat.
Like all Android apps, the program asks for permission to do certain things upon install. In this case it asks for permission to send SMS messages, with a prompt that identifies it as a "service that costs you money," as well as to read or delete data and collect data about the phone and the phone ID, Kaspersky and Lookout said.
Once installed, the Trojan starts sending SMS messages behind the scenes that cost several dollars per message, without the device owner knowing it.
It appears to be affecting Android smartphone users in Russia and to only work on Russian networks, Lookout said. "As far as we know, there is no indication that this app is in the Android Market," Lookout said in a blog post. It was also reported on a Russian smartphone news site.
A Google spokesman provided this statement when asked for comment: "Our application permissions model protects against this type of threat. When installing an application, users see a screen that explains clearly what information and system resources the application has permission to access, such as a user's phone number or sending an SMS. Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time. We consistently advise users to only install apps they trust. In particular, users should exercise caution when installing applications outside of Android Market."
Android users must change a default setting to accept apps from outside the Android marketplace.
To tell if you are affected, review your bills for any premium SMS messages. Lookout also suggests that if you have recently downloaded a media player, check the permission to make sure the app is not sending SMS messages.
The company recommends that smartphone users only download apps from trusted sources, and avoid downloading media player files that request permission to access your text messages, particularly if they want to send messages from the phone.
"

malicious app .. trojan:android plankton
Google Android Market is infected from new Plankton (Apperhand) variant
More than a Million infected from new Plankton(Apperhand) variant on Google android market
Over the last few weeks, Appriva Threat intelligence lab has seen a new variant of Trojan.Android.Plankton emerge embedded in various apps on the Google Android Market. This variant calls ‘itself’apperhand.
At the time of writing blog, the following apps are being detected by Appriva and one other Antivirus vendor. From the Google Android market it is estimated that more than a million users could be infected.

Trojan Horse?

Hi, just today I keep receiving notices from Avast that a harmful webpage has been blocked on EVERY single XDA webpage I visit including when I went to make this thread. I am able to visit other websites without this issue.
Is anyone else experiencing this?
Avast says that the webpage is rt.liftdna.com/liftrtb2.js
And that the Trojan is a JS: Downloader-AMY
Could it be possible that XDA Forums have been compromised?

Yes same time stamp...Same problem.
I tried on several computers, all give the same Avast message.
Does another Antivirus detect the same Trojan??

I haven't tried any other Antivirus but I did use Google's Website Diagnostic which came up with no issues
http://www.google.com/safebrowsing/diagnostic?site=http://www.xda-developers.com/

One of the vectors for infecting a machine is via an advert, so while xda isn't hosting the content, visitors can be caught out.

Yep getting it here as well

I gone through some more website scans and there appears to be no issues.
There must be something on XDA causing this

I'm getting it too, using Avast.

Also receiving the Avast alerts on every XDA page. It blocks 3 of the same Trojan on each page apparently.

Avast fail as far as I can see

Looking into it.

I have the same problem too.
http://rt.liftdna.com/liftrtb.js
js:downloader-amy [Tri]
I did not have this warning till this morning.

Just get Ghostery for Firefox, and all things will be fine again.
Ghostery blocks all Analytics, Malware and tracker websites.
examples :
goggleanalytics, G Adsense, Netshelter, LiftDNA and VigLink here on XDA.
Just seach on google for it.
PS: There are some Analytics Companies around who are trying to bypass Privacy Programs and Modes (Like FF/Chrome Privacy Mode) with installing Trojan like Cookies/Scripts. Maybe LiftDNA is one of them (Well the Name directs to it "Lift-DNA"). One otehr well known Company is Kissmetrics, and they are blocked too my Avast and Ghostery (both found a Way to stop these "evil" Scripts/Cookies).
pps, here is the Link about Kissmetrics :
http://www.wired.com/epicenter/2011/07/undeletable-cookie/

Having the very same problem, getting the same message with avast and chrome browser!!

heres a pic of the alert
http://img89.imageshack.us/img89/7416/xdatrojan.jpg

Looks like one of the ads is causing a false positive on Avast.

the_scotsman. read my Post.
LiftDNA is allmost doing the same as Kissmetrics.
LiftDNA got added today not senseless by Avast like they've added Kissmetrics before.

Same here, Avast doesnt like the java script XDA uses at all today.
-smc

kaliberx said:
Just get Ghostery for Firefox, and all things will be fine again.
Ghostery blocks all Analytics, Malware and tracker websites.
examples :
goggleanalytics, G Adsense, Netshelter, LiftDNA and VigLink here on XDA.
Just seach on google for it.
Click to expand...
Click to collapse
Ghostery for Chrome is not fixing this...
Edit: It blocks some .js files from LiftDNA, but still getting avast warning...

Uploaded with ImageShack.us

Blocked the script with URL http://rt.liftdna.com/liftrtb2.js with adblock
Worked!

[Q] How to detect spam?

Hey Guys,
I seem to have installed a program that at random opens up webpage with programs? And at random it opens up a pop-up with the same crappy programs...
Do you guys know of a way to find out which program that does this? And a way to clean all excess spam that it might have installed?
- Thanks in advance
- Bobo

you have to think which apps you installed just before those annoying things pop up. Otherwise try installing AD-Free from the market.

nm8 said:
you have to think which apps you installed just before those annoying things pop up. Otherwise try installing AD-Free from the market.
Click to expand...
Click to collapse
Thanks, I will try adfree
-Are there any other ideas?
- Bobo

I use these to keep my phones junk free:
AirPush Detector
AdAway
avast! Mobile Security
The first two will be fine if you just want to block ads but I like the added protection of avast! too.
It also helps to read the comments before installing any new apps as people will usually complain about spam and ads if they're deployed in sneaky manner

Great thanks for this...
- Bobo

I have a "xxooapp" folder and also getting random firefox popups when doing nothing

I have a "xxooapp" folder and also getting random firefox popups when doing nothing
For starters i have a folder on my phone called xxooapp and 3 random files with no extensions inside the folder.
Also I'm getting random popups in firefox and firefox focus while playing on my phone. I don't even have to be in in firefox to get popups. I have downloaded popup blockers and ad blockers for firefox and i also have adaway installed and no root firewall and blocked all apps that dont need internet. I also tried avg anti virus and it was clean. I've un-installed the last few programs that i have installed since it started but that didnt help either The webpage is newprofitcontrol.com/0/ every time
Any ideas on either of these? Thx

equlizer said:
For starters i have a folder on my phone called xxooapp and 3 random files with no extensions inside the folder...
Click to expand...
Click to collapse
Ever Google xxooapp? Free games (and malware) woo hoo!

v12xke said:
Ever Google xxooapp? Free games (and malware) woo hoo!
Click to expand...
Click to collapse
Unless you are using a different google than everyone else, all i see is nothing related to xxooapp except chinese/other languages.